: Server flooded with Wordpress login requests. Need advice Recently I was looking at the nginx access logs and found on 2 ocassions a large ammount of requests pointed towards my WP login page.
Recently I was looking at the nginx access logs and found on 2 ocassions a large ammount of requests pointed towards my WP login page. There were over 50.000 requests coming from 2 different IP adresses.
I don't think that these are coming from automated bots, but rather a person that knows what is he doing. My website published an article about government surveillance, and after it was published, the next day I was flooded with requests like these. Previously I haven't noticed any strange activity showing up.
Is there any way on the server side to throttle / block this kind of requests? I'm using LEMP stack on a VPS from Digital Ocean. I see a lot of people are mentioning fail2ban as an option, but is there a more simple solution? If not, how do I properly configure fail2ban to identify and block requests that exceeds "n" requests / sec?
Can you advice me something else to properly secure my website? I'm planning to implement https to the login page, I'm already using SSH keys, and using pretty hard to bruteforce passwords.
Here's a small capture of the requests that were coming yesterday. I've already reported the IP address for abuse at the provider, but I don't think it will make a difference.
195.159.29.178 - - [26/Aug/2014:18:32:08 -0400] "POST /wp-login.php HTTP/1.0" 302 0 "-" "-"
195.159.29.178 - - [26/Aug/2014:18:32:08 -0400] "POST /wp-login.php HTTP/1.0" 302 0 "-" "-"
195.159.29.178 - - [26/Aug/2014:18:32:08 -0400] "POST /wp-login.php HTTP/1.0" 302 0 "-" "-"
195.159.29.178 - - [26/Aug/2014:18:32:08 -0400] "POST /wp-login.php HTTP/1.0" 302 0 "-" "-"
195.159.29.178 - - [26/Aug/2014:18:32:08 -0400] "POST /wp-login.php HTTP/1.0" 302 0 "-" "-"
195.159.29.178 - - [26/Aug/2014:18:32:08 -0400] "POST /wp-login.php HTTP/1.0" 302 0 "-" "-"
195.159.29.178 - - [26/Aug/2014:18:32:08 -0400] "POST /wp-login.php HTTP/1.0" 302 0 "-" "-"
195.159.29.178 - - [26/Aug/2014:18:32:08 -0400] "POST /wp-login.php HTTP/1.0" 302 0 "-" "-"
More posts by @Smith883
1 Comments
Sorted by latest first Latest Oldest Best
I've been using the Wordfence Security plugin for Wordpress, as it:
Allows you to ban certain IP addresses via Wordpress.
Can be configured to block IP addresses after too many failed Wordpress logins.
It will also email you whenever somebody has been locked out (or if somebody has logged in). Typically speaking, I get at least 10+ emails a day as bots are always trying to brute force their way into Wordpress.
I use fail2ban to block IPs that are attempting to brute force the SSH login on my server.
If you want to block the IP completely, you can follow this guide on how to block IP addresses via Nginx.
Terms of Use Create Support ticket Your support tickets Stock Market News! © vmapp.org2024 All Rights reserved.